Security is nowadays globally known of being in the need to get enforced by measures of authentication and change-protection incorporated and embedded into chips by fitting to physical and individual descriptors and characteristics not able to get copied. Such a mechanism is provided by a PUF (Physical Unclonable Function). This feature is called a (physical) fingerprint (FP) based on different physical effects and variables.
But even in case of this kind of protection, such a system is not in principle offering protection against an individual attack: Through (unrecognized) intercepting of data lines, a PUF-based secret (the fingerprint) can be disclosed and reconstructed on the digital layer. If this is successful, than the PUF can—depending on the implementation—be bypassed, if necessary with the help of a separate digital storage. Such an attack could be the more successful; the more the (IC) application developers are building their systems on the merits of being technically and functionally in a good shape but not taking notice of guidelines for criteria of security and cryptographic integrity.
Today most (software) security mechanisms are found in hardened (embedded) systems based on hardware security functions. Processing elementary units like microprocessors and controllers are responsible for performing safety-critical tasks on digital networks, in PCs, mobile phones, and other handheld (wireless) devices, Internet-based TVs or cars. Any failure of these systems could have an immediate impact on the real life.
State-of-the-art standards covering physical security requirements for cryptographic modules can be found in the highest level of security defined in the US standard NIST FIPS POB 140-2 Level 4 (available at http://www.nist.gov/manuscript-publication-search.cfm?pub_id=902003, page 3): “At this security level, the physical security mechanisms provide a complete envelope of protection around the cryptographic module with the intent of detecting and responding to all unauthorized attempts at physical access”.
Due to the high number of security problems it can be assumed that the existing applied solutions are not as good as they should. Their state of security seems not sufficient for a suitable protection; the current approaches suffer either from the non-existence of on-a-big-scale “secure-enough” usable architectures or from difficulties in their reliable protection against ((semi-)invasive) attacks intending counterfeit (e.g. plagiarism) chips. But not only the protection of applications is an issue, there is also the wish to make malicious (e.g. Trojan horse with backdoors) of well-known leader-referenced (and all others too) chip art impossible. IC metering (midnight overproduction) is another revenue cutting aspect resulting into massive losses of jobs.
Jarrod A. Roy et al. introduced a way for IC protection (J. A. Roy, et al., “EPIC: Ending Piracy of Integrated Circuits”, Design, Automation and Test in Europe, 2008. DATE '08, pp. 1069-1074, 2008) requiring that every chip be activated with an external key, which can only be generated by the holder of the IP rights, combining automatically-generated chip IDs with public-key cryptography. Stating and rating potential attacks and countermeasures they state: “ . . . the pirates must modify chips or masks . . . ”. Such a modification has than to bypass the security logic in the chip. They conclude: “However, this scenario is unlikely because, at 45 nm and below, masks are much harder to read than the actual shapes on the chip, due to Resolution Enhancement Techniques (RET). Scanning the actual shapes in silico is even harder, and the investment required for this may not pay off because pirated chips sell at a lower cost, often at low volumes”. This could be a deceptive cadence.
Traditional physical security coded in transistors, gates, memory cells, or conducting paths gets more and more devaluated due to the availability of de-capsulation and de-processing knowledge (e.g. etching layers away), tools, and services (e.g. drilling holes or micro-probing using FIBs). Today even 3D-shaped, multilayered SoCs are de-layered, imaged, and de-layouted on a professional way. With that in hand, a transistor level netlist, gate netlist, and at least the complete hierarchal schematics are (cheap) reverse engineered. This put heavy pressure on the demand for a security technology not susceptible to such attacks. With this in mind, the scientific community searches for ways to achieve that.
First publications about the usage of physical properties gained from disordered systems for cryptographic applications could be traced back to Bauder (D. W. Bauder, “An anti-counterfeiting concept for currency systems,” Sandia National Labs. Albuquerque, N. Mex. 1983) and Simmons (G Simmons, “A system for verifying user identity and authorization at the point-of sale or access,” presented at the Advances in Cryptology—EUROCRYPT '88, 1984). The word POWF (Physical One-Way Function) and PUF (Physical Unclonable Function) were coined by Pappu Srinivasa Ravikanth (S. R. Pappu, “Physical one-way functions,” Massachusetts Institute of Technology, 2001 and S. Devadas, et al., “Design and Implementation of ‘Unclonable’ RFID ICs for Anti-Counterfeiting and Security Applications,” RFID World 2008, 2008). PUFs do not embody a direct accessible memory, they implement challenge-response authentication: A physical stimulus (called challenge) is applied to the PUF, resulting into a reaction (called response). A specific challenge and its corresponding response together form a Challenge Response Pair (CRP). PUFs should be unclonable within two aspects: Physical means the infeasibility to construct a PUF copy producing the (all) same CRPs of the original one. Mathematical means the infeasibility to describe a PUF in a formal logical way like a function or algorithm. It is the combination of both attributes which renders a PUF truly unclonable.
PUFs use randomness that can be intrinsically or explicitly introduced by a physical system. PUF relevant effects are found nearly everywhere in the matter-based world. Representatives of explicitly introduced PUFs includes optical ones using unique speckle scattering pattern, coating ones randomly doped with dielectric particles resulting into an unpredictable capacitance, or RF susceptible resonator circuitry build on integrated capacitors and coils providing strong resonance peaks called LC-PUFs. A fascinating work is the Radio-Frequency-Certificate-Of-Origin (RF-COA) approach presented by Darko Kirovski, Gerald Dejean et al. (V. Lakafosis, et al., “RF Fingerprinting Physical Objects for Anticounterfeiting Applications,” in Microwave Theory and Techniques, IEEE Transactions on, 2011, pp. 504-514; V. Lakafosis, et al., “An RFID system with enhanced hardware-enabled authentication and anti-counterfeiting capabilities,” in Microwave Symposium Digest (MTT), 2010 IEEE MTT-S International, 2010 and V. Lakafosis, et al., “RFID-CoA: The RFID tags as certificates of authenticity,” in RFID (RFID), 2011 IEEE International Conference on, Orlando, Fla., 2011). The basic idea covers the construction of unclonable tags and labels containing random constellations of scatterers printed on paper (one implementation) or laminated into credit-card (sized) applications consisting of “ . . . extremely difficult to replicate, random arrangement of a conductive material, such as copper wire, mixed with a firm dielectric material, such as plastic PET mold, that produces a unique and repeatable response in the near-field.”. This serves then as genuine-identifying-oracle, the same but analog direction as intended with the RFID (far-field) technology based on digital properties. RF-COAs do not contain any electronic circuitry and are challenged using an external (trusted) RF-reader.
A more ‘exotic’ representative is the magnetic PUF as found on some magnetic stripe cards fabricated by blending particles of barium ferrite shaped in many different sizes together in slurry. After drying up, the receptor layer is sliced into strips and applied to plastic cards. This attaches a distinctive, repeatable, and readable magnetic signal. Such a system was the technology ground for a system named Magneprint developed by Ronald Indeck at Washington University (R. S. Indeck and M. W. Muller, “Method and Apparatus for Fingerprinting and Authenticating Various Magnetic Media,” 1999). Examples of PUFs based on intrinsic randomness are silicon ones, e.g. bi-stable logic memory cells like SRAM-PUFs and Latches, Flip-Flops and Butterflies based ones, delay based ones, e.g. MUX/arbiters, ring oscillators or glitch PUFs to name a few. Intrinsic PUFs are said being attractive because they can be included in a design without or with only little modifications to the (silicon) manufacturing process. Most interest about intrinsic PUFs is captured by CMOS-based ones. The enrollment and verification phase handling of CRPs can be augmented through Fuzzy Extractors (FEs) (also called Helper-Data algorithms) realizing three functionalities: Error correction for information reconciliation, randomness extraction for privacy amplification, and robustness protecting integrity. FEs should also be seen in the light of information extraction, noise cancellation, and data compression: Characterization of the PUF and formatting the Helper-Data structure during the enrollment plus extracting and processing the physical data during the verification, (re)generating the fingerprint. This enables a number of new applications such as Physically Obscured Key (POK) storage where the control layer derives a secret from the PUF.
Trying to cover the physical complexity of a PUF structure from the algorithmic point of view, the Kolmogorov Complexity (KC) can be used. It describes in our PUF case the randomness or entropy a physical system has, defined as the size of the smallest computer program (in bits) required to generate the object in question to some degree of accuracy. KC stresses—in contrast to the Shannon entropy—the measurement of disorder without any need for probabilities. Of course, the average of KC is the same to the statistical entropy for a thermodynamic ensemble. To conclude, PUF's are pointing a way to handle the thermodynamic entropy of an isolated physical system useful for cryptographic element applications.